Shamus,

Clearly you only want the Log() line to be called for a "Suspicious" caller, but if you are testing, it should be easy to see if the Log() call occurs while viewing "asterisk -r".

Lonnie

On Aug 14, 2013, at 1:23 PM, Shamus Rask wrote:

> I must be doing something wrong. I added the following to the context where
> SIP calls come in:
>
> exten => s,1,Set(BANIP=${CHANNEL(recvip)})
> same => n,Log(NOTICE,'${BANIP}' - Dialplan Noted Suspicious IP Address)
> same => n,Hangup(3)
>
> However, when I look in either /var/log/messages or
> /var/log/asterisk/messages I don't see any log entries identified with the
> above.
>
> My adaptive-ban.conf looks like:
> ENABLED=1
> ADAPTIVE_BAN_FILE="/var/log/messages"
> ADAPTIVE_BAN_TIME=120
> ADAPTIVE_BAN_COUNT=3
> ADAPTIVE_BAN_TYPES="sshd asterisk"
> ADAPTIVE_BAN_REJECT=0
> ADAPTIVE_BAN_WHITELIST_INTERNAL=1
> ADAPTIVE_BAN_WHITELIST=""
>
> Is there something obvious that I'm missing?
>
> cheers,
> S.
>
> On 2013-08-13, at 9:46 PM, Shamus Rask <sha...@srask.ca> wrote:
>
>> Lonnie,
>>
>> Many thanks… I had searched through the archives, but was having problems
>> finding a solution.
>>
>> cheers,
>> Shamus
>>
>>> Message: 5
>>> Date: Tue, 13 Aug 2013 12:51:32 -0500
>>> From: Lonnie Abelbeck <li...@lonnie.abelbeck.com>
>>> Subject: Re: [Astlinux-users] adaptive-ban for SIP calls
>>> To: AstLinux Users Mailing List <astlinux-users@lists.sourceforge.net>
>>> Message-ID: <24cfed6d-918b-4cc2-ab71-58b109904...@lonnie.abelbeck.com>
>>> Content-Type: text/plain; charset=us-ascii
>>>
>>> Hi Shamus,
>>>
>>> This question has come up before, and the community answer was to not
>>> automatically ban those in the adaptive-ban plugin since that error can be
>>> easily generated by user's misdialing.
>>>
>>> If you search back on the users list there were dialplan alternatives to
>>> detect these kind of errors and add a banned host via the dialplan.
>>> --
>>> ; For Asterisk 1.6+
>>> exten => s,n,Set(BANIP=${CHANNEL(recvip)})
>>> exten => s,n,Log(NOTICE,'${BANIP}' - Dialplan Noted Suspicious IP Address)
>>> --
>>> Then the adaptive-ban plugin will act on the above generated log. This way
>>> you have more control over what to ban or not.
>>>
>>> Lonnie
>>>
>>> On Aug 13, 2013, at 12:02 PM, Shamus Rask wrote:
>>>
>>>> Currently running the latest (v112) release of Astlinux. I have enabled
>>>> the adaptive-ban and ids-protection firewall plugins. My AstLinux box is
>>>> sitting behind my router, where I have port-forwarded 5060-5061 for SIP and
>>>> my RTP ports.
>>>>
>>>> I just took a look in /var/log/asterisk/messages and found the snippet
>>>> below. What is the best way to block these "attacks"?
>>>>
>>>> [Aug 13 12:44:09] NOTICE[1345] chan_sip.c: Call from ''
>>>> (94.23.202.102:5074) to extension '011972597540595' rejected because
>>>> extension not found in context 'default'.
>>>> [Aug 13 12:44:10] NOTICE[1345] chan_sip.c: Call from ''
>>>> (94.23.202.102:5084) to extension '9011972597540595' rejected because
>>>> extension not found in context 'default'.
>>>> [Aug 13 12:44:11] NOTICE[1345] chan_sip.c: Call from ''
>>>> (94.23.202.102:5090) to extension '00972597540595' rejected because
>>>> extension not found in context 'default'.
>>>> [Aug 13 12:44:11] NOTICE[1345] chan_sip.c: Call from ''
>>>> (94.23.202.102:5070) to extension '1011972597540595' rejected because
>>>> extension not found in context 'default'.
>>>> [Aug 13 12:44:12] NOTICE[1345] chan_sip.c: Call from ''
>>>> (94.23.202.102:5082) to extension '0011972597540595' rejected because
>>>> extension not found in context 'default'.
>>>> [Aug 13 12:44:13] NOTICE[1345] chan_sip.c: Call from ''
>>>> (94.23.202.102:5071) to extension '7011972597540595' rejected because
>>>> extension not found in context 'default'.
>>>> [Aug 13 12:44:14] NOTICE[1345] chan_sip.c: Call from ''
>>>> (94.23.202.102:5084) to extension '8011972597540595' rejected because
>>>> extension not found in context 'default'.
>>>>
>>>> cheers,
>>>> Shamus
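
An added example, not part of the original thread and not the adaptive-ban plugin's own code: a shell check that counts the dialplan-generated "Dialplan Noted Suspicious IP Address" notices per source address in a log file and lists the addresses that reach a threshold, which shows whether the Log() output is landing in a given file at all. The function names, the sample log and its line layout are constructed assumptions; the plugin's real matching rules may differ.

```shell
#!/bin/sh
# Added example, not AstLinux code. Assumes the dialplan Log() call from the
# thread writes lines containing:  '<ip>' - Dialplan Noted Suspicious IP Address

# suspicious_ips LOGFILE [THRESHOLD]
# Prints "ip count" for each address logged at least THRESHOLD times.
suspicious_ips() {
  logfile=$1
  threshold=${2:-3}   # default mirrors ADAPTIVE_BAN_COUNT=3 from the thread
  [ -r "$logfile" ] || { echo "cannot read $logfile" >&2; return 2; }
  grep -F "Dialplan Noted Suspicious IP Address" "$logfile" |
    # keep only the quoted address; notices with an empty '' are dropped
    sed -n "s/.*'\([^']\{1,\}\)' - Dialplan Noted Suspicious IP Address.*/\1/p" |
    sort | uniq -c |
    awk -v t="$threshold" '$1 >= t { print $2, $1 }'
}

# Constructed sample log: documentation-range addresses, invented line layout.
make_sample_log() {
  cat > "$1" <<'EOF'
Aug 14 13:01:02 pbx asterisk[1345]: NOTICE[1402]: '192.0.2.10' - Dialplan Noted Suspicious IP Address
Aug 14 13:01:03 pbx asterisk[1345]: NOTICE[1402]: '192.0.2.10' - Dialplan Noted Suspicious IP Address
Aug 14 13:01:05 pbx asterisk[1345]: NOTICE[1403]: '198.51.100.7' - Dialplan Noted Suspicious IP Address
Aug 14 13:01:06 pbx asterisk[1345]: NOTICE[1402]: '192.0.2.10' - Dialplan Noted Suspicious IP Address
Aug 14 13:01:07 pbx asterisk[1345]: NOTICE[1404]: '' - Dialplan Noted Suspicious IP Address
Aug 14 13:01:08 pbx asterisk[1345]: NOTICE[1345] chan_sip.c: Call from '' (203.0.113.5:5074) to extension '0000' rejected because extension not found in context 'default'.
EOF
}

# Demo on the constructed sample; on a real system pass the log path instead.
tmp=$(mktemp) && make_sample_log "$tmp" && suspicious_ips "$tmp" 3; rm -f "$tmp"
```

Running `suspicious_ips` against both /var/log/messages and /var/log/asterisk/messages shows which file, if either, receives the notices; the configuration quoted in the thread points ADAPTIVE_BAN_FILE at /var/log/messages.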